# Cloud Policy
Cloud Policy is the system to enforce some feature to enable or disable.
For example, [kLacrosAvailability](https://source.chromium.org/chromium/chromium/src/+/main:out/chromeos-Debug/gen/components/policy/policy_constants.cc;l=5840;drc=f4a00cc248dd2dc8ec8759fb51620d47b5114090) is the policy to decide whether lacros is available.
Let's see how policy is managed.
## Policy Management
[PolicyManager](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/policy/core/device_local_account_policy_provider.cc;l=148-150;drc=f4a00cc248dd2dc8ec8759fb51620d47b5114090) is the main switching cenrtal between cloud policy and the policy stack.
When cloud policy store is loaded, [OnStoreLoaded](https://source.chromium.org/chromium/chromium/src/+/main:components/policy/core/common/cloud/cloud_policy_store.h;l=34;drc=f4a00cc248dd2dc8ec8759fb51620d47b5114090) is called and [CheckAndPublichPolicy](https://source.chromium.org/chromium/chromium/src/+/main:components/policy/core/common/cloud/cloud_policy_manager.cc;l=116;drc=f4a00cc248dd2dc8ec8759fb51620d47b5114090).
For Ash, [UserCloudPolicyManagerAsh](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/policy/core/user_cloud_policy_manager_ash.h;l=55;drc=7b9d035e02962c8d9141eaa9fd31a2613c5000c6) is the actual implementation.
Here, we have [PolicyEnforcement](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/policy/core/user_cloud_policy_manager_ash.h;l=63;drc=7b9d035e02962c8d9141eaa9fd31a2613c5000c6) enum which represents how much we should enfore the policy.
For example, if the enforcement is `kPolicyOptional`, you can allow to start without the policy if it's already started, and not for others.
```cpp=
if (!client()->is_registered() &&
enforcement_type_ != PolicyEnforcement::kPolicyOptional) {
// We expected to load policy, but we don't have policy, so exit the
// session.
LOG(ERROR) << "Failed to load policy during synchronous restart "
<< "- terminating session";
if (fatal_error_callback_)
std::move(fatal_error_callback_).Run();
return;
}
```
This policy is tied with profile.
[`user_cloud_policy_manager_ash_`](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/profiles/profile_impl.cc;l=575;drc=f4a00cc248dd2dc8ec8759fb51620d47b5114090) is constructed and owned by Profile object construction.
So, policy is not initialized before the profile construction.,
Sometime, we also need to update policy while Chrome is running.
For example, when [DeviceSettingsUpdated](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/policy/core/device_cloud_policy_store_ash.cc;l=133;drc=f4a00cc248dd2dc8ec8759fb51620d47b5114090), it may affect policy.
This policy update seems to be comming from [proto](https://source.chromium.org/chromium/chromium/src/+/main:out/chromeos-Debug/gen/components/policy/proto/device_management_backend.pb.h;l=7798;drc=f4a00cc248dd2dc8ec8759fb51620d47b5114090) outside of Chrome.
## How to set/get policy
The list of policy is stored as [PolicyMap](https://source.chromium.org/chromium/chromium/src/+/main:components/policy/core/common/policy_map.h;l=35;drc=f4a00cc248dd2dc8ec8759fb51620d47b5114090).
You can set the value from [PolicyMap::Set](https://source.chromium.org/chromium/chromium/src/+/main:components/policy/core/common/policy_map.cc;l=373;drc=f4a00cc248dd2dc8ec8759fb51620d47b5114090).
Many policies will be set from auto generated files by [policy_constants](https://source.chromium.org/chromium/chromium/src/+/main:components/policy/BUILD.gn;l=257;drc=3d1f3fe767c49bdd55fbf3e1bba212b17cbfb271).
Some polices are also set from each provider such as [DeviceLocalAccountPolicyProvider](https://source.chromium.org/chromium/chromium/src/+/main:chrome/browser/ash/policy/core/device_local_account_policy_provider.cc;l=148-150;drc=f4a00cc248dd2dc8ec8759fb51620d47b5114090).
The set policy can be obtained from GetValue.
For example, given policy map `map`, you can get the value for the target key `kLacrosAvilability` like this:
```cpp=
const base::Value* value =
map.GetValue(policy::key::kLacrosAvailability, base::Value::Type::STRING);
```
Sign in with Wallet
Connect another wallet